36.

Outsourcing of activities by insurance broker – An Insurance Broker can outsource the

activities given in Schedule II - Form X based on a Board approved policy

INSURANCE REGULATORY AND DEVELOPMENT AUTHORITY OF INDIA

(Insurance Brokers) Regulations, 2018
SCHEDULE II – Form X
(see regulation 36)
Outsourcing of Activities

1. Core Activities
(a) The Insurance broker shall not outsource any of the following activities in any manner
whatsoever:
i. the functions of the direct/ reinsurance/ composite broker as given in Schedule I – Form A
under Regulation 4.
ii. risk management services unless the broker does not undertake this activity at all.
iii. claims consultancy services unless the broker does not undertake this activity at all.

2. Responsibilities of the Board of Directors – 1) The Board of the insurance broking

company shall be responsible for the following functions under these Regulations:
The Board of Directors shall put in place an Outsourcing Policy covering the following:

a) Framework for assessment of risks involved in outsourcing, including the confidentiality

of data, quality of services rendered under outsourcing contracts.
b) Parameters for determining materiality of outsourcing contracts for the purpose of
determining enhanced oversight by the Insurer.
c) Parameters for determining the cost-benefit analysis for each Outsourced activity.
d) Guiding principles for evaluation of the Outsourced Service Provider including its ability
and capability to provide the required services.
e) Conflict management policy that ensure adherence to the provisions on related party
transactions as envisaged in Companies Act, 2013.
f) Norms for implementation and review of the Outsourcing Policy, Determining the
management‘s responsibility for approving, determining the consideration amount involved
and monitoring the outsourcing arrangements, and delegation of authority within the
insurance broker;
g) The degree of due diligence required for other than-material (non-core) Outsourcing
activities.
h) At least an annual review of the Outsourcing Policy keeping in mind the changes in the
internal and external environment impacting the outsourcing arrangements.
i) Annual review of the summary of the outsourced activities of the insurance broker.
j) Approval of material outsourcing contracts as per the threshold limits prescribed in the
Outsourcing
Policy.
k) Ensuring that the pricing for related party outsourcing arrangements are consistent with
accepted arms‘length principles as enshrined in the Companies Act, 2013.
3. Outsourcing Service Providers: An insurance broker can outsource activity to an entity
(other than an individual) only where the activity to be outsourced is more than 5% of the
total outsourcing expenditure (Material).

4. Due Diligence of Outsourcing Service Providers: 1) An insurance broker shall before

outsourcing the activities shall undertake due diligence of outsourcing service providers
based on best practices and needs of the broking company such as:
a) Does the main objective of the outsource service provider include activities outsourced.
b) Existence of the outsourcing service provider as projected.
c) Competence and experience to perform the activity proposed to be outsourced to it.
d) Assessing the capability of the outsourced Service Provider to employ standards
envisaged, while performing outsourced activities.
e) Security and internal controls;
f) Business continuity management;
g) Where considered necessary, insurance brokers shall obtain independent reviews and
market feedback on the service provider to supplement its own findings;
2) Due diligence undertaken during the selection process should be documented and
evaluated
periodically as part of the monitoring and control process of outsourcing.

5. Outsourcing Agreements:
1) Outsourcing arrangements shall be governed by written agreements that are legally
binding for a specified period, subject to periodical renewal, if necessary, that clearly
describe all material aspects of the outsourcing arrangement, including the rights and
obligations of all parties.
2) The outsourcing contracts, inter alia, shall have in place certain clauses or conditions
listed below, as may be applicable:
a) Information and asset ownership rights, information technology, data security and
protection of confidential information;
b) Guarantee or indemnity from the Outsourcing Service Provider towards his commitment
including liability for any failure;
c) Contingency planning of the Outsourcing Service Provider to provide business continuity
for the outsourced arrangement;
d) Express clause that the contract shall neither prevent nor impede Insurance broker from
meeting its respective regulatory obligations, nor the regulator from exercising its
regulatory powers of conducting inspection, investigation, obtaining information from either
the Insurance broker or the Outsourcing Service Provider;
e) The Insurance broker shall ensure that the Outsourcing service provider shall not sub-
contract, whole or substantial portion of any of the Outsourced activity.
f) The Insurance broker shall factor in the additional risk which flows due to subcontracting
at the time of due diligence.

6. Confidentiality and Security: The insurance broker shall satisfy itself that the outsourcing
Service Provider‘s security policies, procedures and controls will enable the insurance broker
to protect confidentiality and security of clients‘/ policyholders‘ information.
7. Legal and Regulatory Obligations: 1) Insurance brokers shall ensure that outsourcing
arrangements shall not:
a) diminish their ability to fulfill their obligations to Clients / Policyholders and the Authority.
b) impede effective supervision by the Authority.
c) result in their internal control, business conduct or reputation being compromised or
weakened.
2) These requirements apply irrespective of whether the outsourcing arrangements are
entered into with an affiliated entity within the same group as the Insurance broker, or an
outsourcing Service Provider external to the group. The Insurance broker shall comply with
the provisions of Companies Act 2013 relating to Related Party Transactions.
3) Outsourcing shall not diminish the obligations of an insurance broker and those of its
Board and Principal Officer to comply with the relevant law/s and regulations.
4) The Insurance broker is ultimately accountable for all acts of commission and omission of
the outsourcing Service Providers.
5) The Insurance broker‘s liability shall not in any way be restricted or limited by way of
outsourcing.
6) All the outsourcing Service providers engaged by insurance brokers are subjected to the
provisions of the Insurance Act,1938, IRDA Act 1999, Rules, Regulations and any other
orders issued thereunder.
7) With the objective of avoiding potential conflict of interest, Insurance brokers shall
endeavour that the Related Parties of Insurance Brokers registered with the Authority shall
ordinarily not be engaged for outsourcing any of the activities.
8) Insurance Brokers shall not outsource any activity that leads to potential conflict of
interest with the functions of the Insurance Brokers.
8. Contingency Plans: 1) Insurance Brokers are expected to establish and maintain adequate
contingency plans.
This includes disaster recovery plans and backup facilities to support the continuation of an
outsourced activity with minimal business disruption in the event of reasonably foreseeable
events that affect the ability of an Outsourcing Service Provider to continue providing the
service.
2) The contingency plans should be appropriate to the potential consequences of a business
disruption resulting from problems at the Outsourcing Service provider and should consider
contingency plans maintained by the Outsourcing Service Provider and their coordination
with the Insurance broker‘s own contingency arrangements.
3) In particular, contingency plans should ensure that the Insurance broker can readily
access all the records necessary to allow it to sustain business operations, meet statutory
obligations, and provide any information relating to the outsourced activity as may be
required by the Authority.
4) Contingency plans should also be regularly reviewed and tested to ensure that they
remain robust, particularly under changing operating conditions.

9. Maintenance of Records: 1) Insurance Brokers are expected to ensure that adequate

documentation is maintained to support their satisfaction.
2) The documentation shall support the following aspects:
a) Materiality assessments
b) Adherence to the Insurance Broker‘s outsourcing policy
c) Cost benefit analysis
d) Due diligence reviews
e) Pricing assessments;
f) Risk evaluation; and
g) The basis used to determine arm‘s length distance while arriving at the pricing of
activities that involve outsourcing with related parties of the insurance broker.
3) The documentation should be available for review by the Board and the Authority as and
when required.
4) Such documentation shall be maintained for five years from the end of the contract
period by the Insurance brokers.

10. Regulatory Access: 1) Insurance Brokers shall, in all cases, obtain an undertaking from
their outsourcing Service providers or include a provision within the Outsourcing
agreement, giving authorised representatives of the Authority the right to: -
a) examine the books, records, information, systems and the internal control environment
in the Outsourcing Service Provider (or sub-contractor as applicable), to the extent that they
relate to the service being performed for the Insurance broker; and
b) access any internal audit reports or external audit findings of the Outsourcing Service
Provider that concern the service being performed for the Insurance broker.

11. Reporting Requirements: Insurance brokers shall report all the outsourcing
arrangements where annual payout per outsourcing service provider is ten lakh rupees or
more to their Board of Directors for review.